
Example 76 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

the class SymmetricBindingHandler method getUTDerivedKey.

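/**
 * Builds a {@link SecurityToken} from the first UsernameToken that the inbound security
 * processing recorded under the {@code UT_NOPASSWORD} action, using the key material stored
 * under {@code TAG_SECRET} as the token's secret.
 *
 * <p>The token lifetime comes from {@code WSS4JUtils.getSecurityTokenLifetime(message)}, which
 * is divided by 1000 here, i.e. it is treated as milliseconds and converted to seconds for
 * {@link Instant#plusSeconds(long)}.
 *
 * @return the token built from the first matching result, or {@code null} when no inbound
 *         security results were recorded on the exchange or none of them holds a
 *         password-less UsernameToken
 * @throws WSSecurityException propagated from the WSS4J calls made here, if any
 */
private SecurityToken getUTDerivedKey() throws WSSecurityException {
    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
    // RECV_RESULTS is absent when no inbound security processing ran; iterating a null list
    // would throw NPE. Treat it like "no matching token", which callers already handle.
    if (results == null) {
        return null;
    }
    for (WSHandlerResult handlerResult : results) {
        List<WSSecurityEngineResult> utResults = handlerResult.getActionResults().get(WSConstants.UT_NOPASSWORD);
        if (utResults == null) {
            continue;
        }
        for (WSSecurityEngineResult wser : utResults) {
            String utID = (String) wser.get(WSSecurityEngineResult.TAG_ID);
            if (utID == null || utID.isEmpty()) {
                // The processed token carried no wsu:Id; mint one so the SecurityToken can be referenced.
                utID = wssConfig.getIdAllocator().createId("UsernameToken-", null);
            }
            Instant created = Instant.now();
            Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
            SecurityToken securityToken = new SecurityToken(utID, created, expires);
            // The secret is the key material the inbound processor recorded; it is what the
            // symmetric binding will sign/encrypt with, so it must not be logged or exposed.
            securityToken.setSecret((byte[]) wser.get(WSSecurityEngineResult.TAG_SECRET));
            return securityToken;
        }
    }
    return null;
}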

Example 77 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

the class SymmetricBindingHandler method setupUTDerivedKey.

/**
 * Adds a derived-key UsernameToken for {@code sigToken} to the message and records the
 * derived key in the token store, keyed by the UsernameToken's id.
 *
 * <p>Whether a MAC is used is decided by {@code hasSignedPartsOrElements()}. The stored
 * token's lifetime is {@code WSS4JUtils.getSecurityTokenLifetime(message)} interpreted as
 * milliseconds and converted to seconds.
 *
 * @param sigToken the UsernameToken policy assertion being satisfied
 * @return the id of the UsernameToken that was added, which is also the id of the stored
 *         {@link SecurityToken}
 * @throws WSSecurityException propagated from the WSS4J calls made here
 */
private String setupUTDerivedKey(UsernameToken sigToken) throws WSSecurityException {
    WSSecUsernameToken dkToken = addDKUsernameToken(sigToken, hasSignedPartsOrElements());
    String tokenId = dkToken.getId();
    Instant now = Instant.now();
    long lifetimeSeconds = WSS4JUtils.getSecurityTokenLifetime(message) / 1000L;
    SecurityToken stored = new SecurityToken(tokenId, dkToken.getUsernameTokenElement(), now, now.plusSeconds(lifetimeSeconds));
    // The derived key is the secret the binding will use; keep it out of logs.
    stored.setSecret(dkToken.getDerivedKey());
    tokenStore.add(stored);
    return tokenId;
}

Example 78 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

the class TransportBindingHandler method doIssuedTokenSignature.

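/**
 * Signs the message using the issued token obtained from {@code getSecurityToken()}.
 *
 * <p>If the policy requires the token to be included, a clone of the token element is added to
 * the security header first ({@code addEncryptedKeyElement}). The signing itself is delegated to
 * {@code doDerivedKeySignature} when the policy requires derived keys, and to {@code doSignature}
 * otherwise.
 *
 * @param token   the issued-token policy assertion being satisfied
 * @param wrapper the supporting-tokens assertion supplying the signed parts and elements
 * @return the bytes returned by the delegated signing method
 * @throws WSSecurityException if no {@link SecurityToken} could be retrieved
 * @throws Exception           propagated from the delegated signing methods
 */
private byte[] doIssuedTokenSignature(final AbstractToken token, final SupportingTokens wrapper) throws Exception {
    SecurityToken secTok = getSecurityToken();
    if (secTok == null) {
        // Fail closed: without the issued token the request must not go out unsigned.
        // FAILURE's own message is generic, so the detail travels in the cause.
        String msg = "The retrieved SecurityToken was null";
        LOG.fine(msg);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception(msg));
    }
    boolean tokenIncluded = false;
    if (isTokenRequired(token.getIncludeTokenType())) {
        // Add a copy of the issued token to the header. Note that the token element itself is
        // not added to sigParts here (the original left that as commented-out code), so it is
        // not covered by the signature unless a delegated method does it.
        addEncryptedKeyElement(cloneElement(secTok.getToken()));
        tokenIncluded = true;
    }
    List<WSEncryptionPart> sigParts = signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
    if (token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
        return doDerivedKeySignature(tokenIncluded, secTok, token, sigParts);
    }
    return doSignature(tokenIncluded, secTok, token, wrapper, sigParts);
}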

Example 79 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

the class TransportBindingHandler method handleBinding.

/**
 * Applies the transport binding to the current message.
 *
 * <p>A timestamp and the layout are handled first. On the requestor side the transport token
 * is examined: for an {@code IssuedToken} the matching {@link SecurityToken} must be available,
 * otherwise the token policy is unasserted and the method returns early, skipping the binding,
 * algorithm-suite and signed/encrypted-parts assertions at the end. When the policy requires
 * inclusion, a clone of the token element is added to the header. Supporting tokens are handled
 * on both sides; the responder additionally adds a signature confirmation.
 *
 * <p>Any exception raised while handling tokens is logged at FINE and rethrown as a
 * {@link Fault}, so the message fails rather than continuing with a partially built header.
 */
public void handleBinding() {
    WSSecTimestamp timestamp = createTimestamp();
    handleLayout(timestamp);
    try {
        if (this.isRequestor()) {
            // NOTE(review): tbinding is dereferenced here without the null check used on the
            // responder branch and after the try; a null tbinding would surface as a Fault
            // from the catch below rather than as a skipped transport token.
            TransportToken transportTokenWrapper = tbinding.getTransportToken();
            if (transportTokenWrapper != null) {
                AbstractToken transportToken = transportTokenWrapper.getToken();
                if (transportToken instanceof IssuedToken) {
                    SecurityToken secToken = getSecurityToken();
                    if (secToken == null) {
                        // No issued token to work with: unassert and stop; the trailing
                        // assertPolicy calls are intentionally not reached.
                        unassertPolicy(transportToken, "No transport token id");
                        return;
                    }
                    assertPolicy(transportToken);
                    if (isTokenRequired(transportToken.getIncludeTokenType())) {
                        // Clone so the stored token's DOM is not mutated by header insertion.
                        Element el = secToken.getToken();
                        addEncryptedKeyElement(cloneElement(el));
                    }
                }
                assertToken(transportToken);
                assertTokenWrapper(transportTokenWrapper);
            }
            handleNonEndorsingSupportingTokens();
            // Endorsing supporting tokens are only meaningful when a transport token exists.
            if (transportTokenWrapper != null) {
                handleEndorsingSupportingTokens();
            }
        } else {
            handleNonEndorsingSupportingTokens();
            if (tbinding != null && tbinding.getTransportToken() != null) {
                assertTokenWrapper(tbinding.getTransportToken());
                assertToken(tbinding.getTransportToken().getToken());
                handleEndorsingSupportingTokens();
            }
            addSignatureConfirmation(null);
        }
    } catch (Exception e) {
        // Logged at FINE only; the Fault carries the cause to the caller.
        LOG.log(Level.FINE, e.getMessage(), e);
        throw new Fault(e);
    }
    if (tbinding != null) {
        assertPolicy(tbinding.getName());
        assertAlgorithmSuite(tbinding.getAlgorithmSuite());
        assertWSSProperties(tbinding.getName().getNamespaceURI());
        assertTrustProperties(tbinding.getName().getNamespaceURI());
    }
    // Both SP 1.1 and SP 1.2 variants are asserted so either policy version is satisfied.
    assertPolicy(SP12Constants.SIGNED_PARTS);
    assertPolicy(SP11Constants.SIGNED_PARTS);
    assertPolicy(SP12Constants.ENCRYPTED_PARTS);
    assertPolicy(SP11Constants.ENCRYPTED_PARTS);
}

Example 80 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

the class KerberosTokenPolicyValidator method validatePolicies.

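/**
 * Validates the Kerberos token assertions against the Kerberos tokens found in the inbound
 * security results.
 *
 * <p>For each received Kerberos BinarySecurityToken, every assertion is first marked asserted.
 * Assertions whose token is not required for this message only get their version's
 * {@code WssKerberosV5ApReqToken11} and {@code WssGssKerberosV5ApReqToken11} assertions
 * asserted; assertions whose token type does not match are marked not-asserted. The first
 * received token that satisfies all assertions is turned into a {@link SecurityToken} carrying
 * the processor's {@code TAG_SECRET}, stored in the message's token store, and its id is put on
 * the exchange as {@code SecurityConstants.TOKEN_ID}.
 *
 * <p>Note that each received token re-marks all assertions as asserted before re-checking, so
 * when several tokens are present the final assertion state reflects the last one examined.
 *
 * @param parameters the validator parameters holding the message and the WSS4J results
 * @param ais        the Kerberos token assertions to validate
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    List<WSSecurityEngineResult> kerberosResults = findKerberosResults(parameters.getResults().getActionResults().get(WSConstants.BST));
    for (WSSecurityEngineResult kerberosResult : kerberosResults) {
        KerberosSecurity kerberosToken = (KerberosSecurity) kerberosResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
        boolean asserted = true;
        for (AssertionInfo ai : ais) {
            KerberosToken kerberosTokenPolicy = (KerberosToken) ai.getAssertion();
            ai.setAsserted(true);
            assertToken(kerberosTokenPolicy, parameters.getAssertionInfoMap());
            if (!isTokenRequired(kerberosTokenPolicy, parameters.getMessage())) {
                // Token not required in this direction: assert the nested token-type assertions
                // for the policy's namespace and skip the type check.
                String ns = kerberosTokenPolicy.getVersion().getNamespace();
                PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(), new QName(ns, "WssKerberosV5ApReqToken11"));
                PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(), new QName(ns, "WssGssKerberosV5ApReqToken11"));
            } else if (!checkToken(parameters.getAssertionInfoMap(), kerberosTokenPolicy, kerberosToken)) {
                asserted = false;
                ai.setNotAsserted("An incorrect Kerberos Token Type is detected");
            }
        }
        if (asserted) {
            SecurityToken token = createSecurityToken(kerberosToken);
            // Keep the key material the processor recorded with the token so later handlers
            // can use it; it is secret and must not be logged.
            token.setSecret((byte[]) kerberosResult.get(WSSecurityEngineResult.TAG_SECRET));
            TokenStoreUtils.getTokenStore(parameters.getMessage()).add(token);
            parameters.getMessage().getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
            return;
        }
    }
}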
